CVE-2021-26676

Name

CVE-2021-26676

Description

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Mailing List	https://www.openwall.com/lists/oss-security/2021/02/08/2
Issue Tracking	https://bugzilla.suse.com/show_bug.cgi?id=1181751
Release Notes	https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog
Patch	https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
Patch	https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
Mailing List	https://lists.debian.org/debian-lts-announce/2021/02/msg00013.html
Third Party Advisory	https://www.debian.org/security/2021/dsa-4847
MISC	https://kunnamon.io/tbone/
GENTOO	https://security.gentoo.org/glsa/202107-29

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:intel:connman::::::::`	connman	>= None	< 1.39

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
connman	3.14-community	1.39-r0	Clayton Craft <clayton@craftyguy.net>	fixed